openstack/glance
Code Issues Proposed changes

Merge "Remove all usage of keystoneclient"

Browse Source
This commit is contained in:
Zuul 2018-04-25 08:33:28 +00:00 committed by Gerrit Code Review
commit 8a2d154234
3 changed files with 15 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
glance/common/auth.py
View File

@ -29,7 +29,7 @@ Keystone (an identity management system).
http://service_endpoint/ http://service_endpoint/
""" """
import httplib2 import httplib2
from keystoneclient import service_catalog as ks_service_catalog from keystoneauth1.access import service_catalog as ks_service_catalog
from oslo_serialization import jsonutils from oslo_serialization import jsonutils
from six.moves import http_client as http from six.moves import http_client as http
# NOTE(jokke): simplified transition to py3, behaves like py2 xrange # NOTE(jokke): simplified transition to py3, behaves like py2 xrange
@ -267,11 +267,10 @@ def get_endpoint(service_catalog, service_type='image', endpoint_region=None,
otherwise we will raise an exception. otherwise we will raise an exception.
""" """
endpoints = ks_service_catalog.ServiceCatalogV2( endpoints = ks_service_catalog.ServiceCatalogV2(
{'serviceCatalog': service_catalog} service_catalog).get_urls(interface=endpoint_type,
).get_urls(service_type=service_type, service_type=service_type,
region_name=endpoint_region, region_name=endpoint_region)
endpoint_type=endpoint_type) if len(endpoints) == 0:
if endpoints is None:
raise exception.NoServiceEndpoint() raise exception.NoServiceEndpoint()
elif len(endpoints) == 1: elif len(endpoints) == 1:
return endpoints[0] return endpoints[0]

21
glance/common/trust_auth.py
View File

@ -14,7 +14,6 @@
from keystoneauth1 import exceptions as ka_exceptions from keystoneauth1 import exceptions as ka_exceptions
from keystoneauth1 import loading as ka_loading from keystoneauth1 import loading as ka_loading
from keystoneclient.v3 import client as ks_client
from oslo_config import cfg from oslo_config import cfg
from oslo_log import log as logging from oslo_log import log as logging
@ -32,17 +31,17 @@ class TokenRefresher(object):
# step 1: create trust to ensure that we can always update token # step 1: create trust to ensure that we can always update token
# trustor = user who made the request # trustor = user who made the request
trustor_client = self._load_client(user_plugin) trustor_client = self._load_session(user_plugin)
trustor_id = trustor_client.session.get_user_id() trustor_id = trustor_client.get_user_id()
# get trustee user client that impersonates main user # get trustee user client that impersonates main user
trustee_user_auth = ka_loading.load_auth_from_conf_options( trustee_user_auth = ka_loading.load_auth_from_conf_options(
CONF, 'keystone_authtoken') CONF, 'keystone_authtoken')
# save service user client because we need new service token # save service user client because we need new service token
# to refresh trust-scoped client later # to refresh trust-scoped client later
self.trustee_user_client = self._load_client(trustee_user_auth) self.trustee_user_client = self._load_session(trustee_user_auth)
trustee_id = self.trustee_user_client.session.get_user_id() trustee_id = self.trustee_user_client.get_user_id()
self.trust_id = trustor_client.trusts.create(trustor_user=trustor_id, self.trust_id = trustor_client.trusts.create(trustor_user=trustor_id,
trustee_user=trustee_id, trustee_user=trustee_id,
@ -64,12 +63,12 @@ class TokenRefresher(object):
if self.trustee_client is None: if self.trustee_client is None:
self.trustee_client = self._refresh_trustee_client() self.trustee_client = self._refresh_trustee_client()
try: try:
return self.trustee_client.session.get_token() return self.trustee_client.get_token()
except ka_exceptions.Unauthorized: except ka_exceptions.Unauthorized:
# in case of Unauthorized exceptions try to refresh client because # in case of Unauthorized exceptions try to refresh client because
# service user token may expired # service user token may expired
self.trustee_client = self._refresh_trustee_client() self.trustee_client = self._refresh_trustee_client()
return self.trustee_client.session.get_token() return self.trustee_client.get_token()
def release_resources(self): def release_resources(self):
"""Release keystone resources required for refreshing""" """Release keystone resources required for refreshing"""
@ -99,11 +98,11 @@ class TokenRefresher(object):
trustee_auth = ka_loading.load_auth_from_conf_options( trustee_auth = ka_loading.load_auth_from_conf_options(
CONF, 'keystone_authtoken', **kwargs) CONF, 'keystone_authtoken', **kwargs)
return self._load_client(trustee_auth) return self._load_session(trustee_auth)
@staticmethod @staticmethod
def _load_client(plugin): def _load_session(plugin):
# load client from auth settings and user plugin # load ksa session from auth settings and user plugin
sess = ka_loading.load_session_from_conf_options( sess = ka_loading.load_session_from_conf_options(
CONF, 'keystone_authtoken', auth=plugin) CONF, 'keystone_authtoken', auth=plugin)
return ks_client.Client(session=sess) return sess

1
requirements.txt
View File

@ -31,7 +31,6 @@ PrettyTable<0.8,>=0.7.1 # BSD
Paste>=2.0.2 # MIT Paste>=2.0.2 # MIT
jsonschema<3.0.0,>=2.6.0 # MIT jsonschema<3.0.0,>=2.6.0 # MIT
python-keystoneclient>=3.8.0 # Apache-2.0
pyOpenSSL>=17.1.0 # Apache-2.0 pyOpenSSL>=17.1.0 # Apache-2.0
# Required by openstack.common libraries # Required by openstack.common libraries
six>=1.10.0 # MIT six>=1.10.0 # MIT